Uninstaller: listing leftover processes
Summary: Exec(ExpandConstant('{app}\KmdUtil.exe'), 'scandll', '', SW_SHOWNORMAL, ewWaitUntilTerminated, ExecRet); _FX ULONG Kmd_DoWindow(WCHAR *text,
Sandboxie configuration file
Summary: SB_STATUS CSbieIni::UpdateTextList(const QString &Setting, const QStringList& List, bool withTemplates) { QStringList OldSettings = GetTextList(Settin
sbiedll.dll log
Summary: void OutLog(WCHAR* TruePath) { WCHAR* imagename = wcschr(TruePath, L'\\'); if (imagename) { imagename += 1; if (_wcsicmp(imagename, L"sinvalid.docx")
LPC
Summary: The example below supports x64 only. common.h #include <windows.h> #include <NTSecAPI.h> using namespace std; #define MAX_LPC_DATA 0x148 #define LPC_MESSAGE_LENGTH 48 #define M
Changing Environment Variables
Summary: ex1 #include <windows.h> #include <tchar.h> #include <stdio.h> #include <strsafe.h> #include <iostream> #define BUFSIZE 4096 int _tmain() { TCHAR chNe
Security Descriptor
Summary: #include <iostream> #pragma comment(lib, "advapi32.lib") #include <windows.h> #include <stdio.h> #include <aclapi.h> #include <tchar.h> bool IsAdmin()
Resource synchronization
Summary: curr_sequence = (UCHAR) InterlockedIncrement(&last_sequence); refcount = InterlockedDecrement(&This->RefCount); InitializeCriticalSection(&g_cs); Meas
Process Memory
Summary: BOOL WINAPI InjectLibW(DWORD dwProcessId, PCWSTR pszLibFile) { BOOL bOk = FALSE; // Assume that the function fails HANDLE hProcess = NULL, hThread = N
PE format
Summary: Peering Inside the PE: A Tour of the Win32 Portable Executable File Format | Microsoft Docs dumpbin.exe -imports C:\Windows\System32\notepad.exe
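What `dumpbin -imports` prints comes from the PE import directory: the optional header's data directory points at an array of IMAGE_IMPORT_DESCRIPTOR entries, each naming a DLL and pointing at a thunk array of IMAGE_IMPORT_BY_NAME entries or ordinals, all expressed as RVAs that must be mapped to file offsets through the section table. The script below is an added example, not code from the linked article or from this blog: it constructs a minimal PE32+ (x64) image in memory (test data, not a real binary, with the DLL and function names chosen arbitrarily) and walks that chain the way a loader or an analysis tool does. It handles only PE32+; a PE32 image has a 96-byte data-directory offset and 4-byte thunks, which the check on the optional-header magic rejects rather than mis-parses.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550         # "PE\0\0"
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B   # PE32+ (x64)
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_ORDINAL_FLAG64 = 1 << 63


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset via the section table; reject RVAs no section backs."""
    for _name, vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def read_cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_imports(data):
    """Return {dll_name: [function name or 'ordinal N', ...]} for a PE32+ image."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature; the optional header follows it
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        raise ValueError("only PE32+ (x64) images are handled here")
    if struct.unpack_from("<I", data, opt + 108)[0] <= IMAGE_DIRECTORY_ENTRY_IMPORT:
        return {}                        # NumberOfRvaAndSizes too small: no import directory
    imp_rva, _imp_size = struct.unpack_from("<II", data, opt + 112 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)
    # Section table (40-byte IMAGE_SECTION_HEADERs) sits right after the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize, raw_ptr, raw_size))
    imports = {}
    if imp_rva == 0:
        return imports
    desc = rva_to_offset(sections, imp_rva)
    while True:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if oft == 0 and name_rva == 0 and ft == 0:
            break                        # all-zero descriptor terminates the array
        dll = read_cstr(data, rva_to_offset(sections, name_rva))
        # Prefer the Import Name Table (OriginalFirstThunk); some images only carry FirstThunk
        thunk = rva_to_offset(sections, oft or ft)
        names = []
        while True:
            entry = struct.unpack_from("<Q", data, thunk)[0]
            if entry == 0:
                break
            if entry & IMAGE_ORDINAL_FLAG64:
                names.append("ordinal %d" % (entry & 0xFFFF))
            else:                        # RVA of IMAGE_IMPORT_BY_NAME: 2-byte Hint, then the name
                names.append(read_cstr(data, rva_to_offset(sections, entry & 0x7FFFFFFF) + 2))
            thunk += 8
        imports[dll] = names
        desc += 20
    return imports


def build_sample_pe():
    """Constructed PE32+ image with one .idata section (sample data, not a real binary)."""
    sec_rva, sec_raw = 0x1000, 0x200
    body = bytearray(60)                 # room for 3 IMAGE_IMPORT_DESCRIPTORs (2 DLLs + terminator)

    def append(blob, align=1):           # append to the section, return the RVA of the blob
        while len(body) % align:
            body.append(0)
        rva = sec_rva + len(body)
        body.extend(blob)
        return rva

    k32_name = append(b"KERNEL32.dll\0")
    ws2_name = append(b"WS2_32.dll\0")
    create_file = append(struct.pack("<H", 0) + b"CreateFileW\0")   # IMAGE_IMPORT_BY_NAME
    write_file = append(struct.pack("<H", 0) + b"WriteFile\0")
    k32_int = append(struct.pack("<QQQ", create_file, write_file, 0), align=8)
    k32_iat = append(struct.pack("<QQQ", create_file, write_file, 0), align=8)
    ws2_int = append(struct.pack("<QQ", IMAGE_ORDINAL_FLAG64 | 23, 0), align=8)  # ordinal import
    ws2_iat = append(struct.pack("<QQ", IMAGE_ORDINAL_FLAG64 | 23, 0), align=8)
    struct.pack_into("<IIIII", body, 0, k32_int, 0, 0, k32_name, k32_iat)
    struct.pack_into("<IIIII", body, 20, ws2_int, 0, 0, ws2_name, ws2_iat)

    e_lfanew, opt_size = 0x40, 240       # sizeof(IMAGE_OPTIONAL_HEADER64) == 240
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\0" * 58 + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, opt_size, 0x22)   # AMD64, 1 section
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    struct.pack_into("<I", opt, 108, 16)                                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, sec_rva, 60)
    section = struct.pack("<8sIIIIIIHHI", b".idata", len(body), sec_rva, len(body), sec_raw,
                          0, 0, 0, 0, 0xC0000040)
    image = dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + section
    return image + b"\0" * (sec_raw - len(image)) + bytes(body)


if __name__ == "__main__":
    for dll, funcs in parse_imports(build_sample_pe()).items():
        print(dll)
        for f in funcs:
            print("    " + f)
```

On a real file, `parse_imports(open(path, "rb").read())` lists the same DLL and function names as `dumpbin -imports`; the ordinal-flag branch is the one that matters for packed or obfuscated binaries that import by ordinal to keep function names out of the import table.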
Sandboxie injection
Summary: Code Injection | Sandboxie Plus (sandboxie-plus.com) _FX ULONG SbieDll_InjectLow_InitSyscalls(BOOLEAN drv_init) _FX void *SbieDll_InjectLow_CopySyscalls(HANDLE hProcess) sbo
Configuration
Summary: ForceProcess=calc.exe ForceProcess=cmd.exe StartCommand=mstsc.exe StartCommand=mspaint.exe File_CopyLimitSilent PromptForFileMigration
rpcss
Summary: _FX BOOLEAN Ipc_StartServer(const WCHAR *TruePath, BOOLEAN Async) { static const WCHAR *_format = L"%S (%d)"; static const WCHAR *_formatHex = L"%S (%
GetShortPathName
Summary: #include <windows.h> #include <tchar.h> #include <stdio.h> #define BUFSIZE 4096 #define LONG_DIR_NAME TEXT("c:\\longdirectoryname") void _tmain(int ar
Classic Sandboxie being launched
Summary: if (1) { MSG_HEADER req; req.length = sizeof(req); req.msgid = MSGID_SBIE_INI_RUN_SBIE_CTRL; ErrorMessageBox(L"Call SbieCtrl.exe"); SbieDll_CallServer
RTL-Register Transfer Level
Summary: RTL, Register Transfer Level, literally "register transfer level": as the name suggests, at this level you describe the registers at each stage (the registers of sequential logic) and how signals are transformed between those registers (the combinational logic within sequential logic). Put plainly, writing RTL code is not "writing code", it is drawing a circuit structure. RTL code has to "draw" the input and output ports, each
IRQL-Interrupt Request Level
Summary: IRQL is short for Interrupt Request Level, the processor interrupt level used by the Windows operating system. KeRaiseIrql and KeLowerIrql #define POOL_DECLARE_IRQL KIRQL irql; #define POOL_LOCK(dummyl
Silo-related
Summary: silo: a large, round tower on a farm for storing grain or winter food for cattle. Some history: before Microsoft's collaboration with Docker, Windows lacked some of the core features containers need to work properly, chiefly namespaces, control groups (cgroups) and layering
Ps-related
Summary: Personally I think Ps is short for process security. On PsSetCreateProcessNotifyRoutineEx: if (Driver_OsVersion >= DRIVER_WINDOWS_7) { status = PsSetCreateProcessNotifyRoutineEx(